USM Anywhere™

Orchestration Rules Workflow

Role Availability Read-Only Analyst   Manager

USM Anywhere follows a specific order for applying orchestration rules:

  1. Filtering rules: These rules are essential to control the traffic of your events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.. USM Anywhere does not process nor save events that match a filtering rule.
  2. Suppression rules: USM Anywhere saves the events that match a suppression rule, but does not correlate these suppressed events. By default, USM Anywhere hides these suppressed events. If you want to see these events, click Suppressed in the Search & Filters area. The table displays suppressed events along with all events. See To only display the suppressed events if you want to display just the suppressed events.
  3. Notification, alarm, and response action rules: USM Anywhere processes and correlates all events that match one of these rules.

This diagram summarizes the workflow of orchestration rules:

Orchestration Rules Workflow